This topic describes the differences in features and limits between enhanced NAT gateways and standard NAT gateways.
Comparison of features
| Item | Enhanced NAT gateway | Standard NAT gateway | Reference |
|---|---|---|---|
| Multiple NAT gateways for one virtual private cloud (VPC) | Supported | Not supported | Deploy multiple NAT gateways in one VPC |
| Associating a vSwitch with a NAT gateway | Supported | Not supported | N/A |
| Billing on an hourly basis | Supported | Not supported | Pay-by-data-transfer |
| Billing on a daily basis | Not supported | Supported | Pay-as-you-go |
| Processing TCP, UDP, and ICMP segments | Supported | Not supported | N/A |
| Metrics | 22 | 4 | Monitor and maintain NAT gateways |
| Associating multiple elastic IP addresses (EIPs) with a NAT gateway | Supported | Supported | Associate an EIP with a NAT gateway |
| Source Network Address Translation (SNAT) | Supported | Supported | Create a SNAT entry to access the Internet |
| Creating multiple SNAT entries in a SNAT table | Supported | Supported | |
| Associating multiple EIPs with a SNAT table | Supported | Supported | |
| Destination Network Address Translation (DNAT) | Supported | Supported | Create a DNAT entry to provide Internet-facing services |
| DNAT port mapping | Supported | Supported | |
| DNAT IP mapping | Supported | Supported | |
| Elastic Compute Service (ECS) instances use SNAT to access services that use DNAT to provide Internet-facing services if the same enhanced NAT gateway is used for SNAT and DNAT | Not supported | Supported | Use SNAT of enhanced NAT gateways to enable ECS instances to access Internet-facing services that use DNAT in the same VPC |
Comparison of limits
| Item | Enhanced NAT gateway | Standard NAT gateway |
|---|---|---|
| The maximum number of NAT gateways that can be deployed for a VPC | 5. To increase the quota, submit a ticket. | 1 (not adjustable) |
| Using an EIP for both SNAT and DNAT | Only selected users can use an EIP for both SNAT and DNAT. To apply to be added to the whitelist, submit a ticket. | Not supported (not adjustable) |
| The maximum number of DNAT entries that can be added to a NAT gateway | 100. You can increase the quota. For more information, see Quota management. | 100. You can increase the quota. For more information, see Quota management. |
| The maximum number of SNAT entries that can be added to a NAT gateway | 40. You can increase the quota. For more information, see Quota management. | 40. You can increase the quota. For more information, see Quota management. |
| The maximum number of EIPs that can be specified in a SNAT entry | 64 (not adjustable) | 64 (not adjustable) |
| Creating a NAT gateway for a VPC that contains a custom route entry whose destination CIDR block is 0.0.0.0/0 | Supported | Not supported. You must delete the custom route entry whose destination CIDR block is 0.0.0.0/0 before you can create a NAT gateway for the VPC. |
| Limits on a vSwitch by the bandwidth limit of the EIPs specified in the SNAT entry that is added to the vSwitch | Yes. If the EIPs are associated with an EIP bandwidth plan, the vSwitch is limited by the bandwidth limit of the EIP bandwidth plan. | Yes. If the EIPs are associated with an EIP bandwidth plan, the vSwitch is limited by the bandwidth limit of the EIP bandwidth plan. |
| The maximum number of EIPs that can be associated with a NAT gateway | 20. You can increase the quota. For more information, see Quota management. | 20. You can increase the quota. For more information, see Quota management. |
| The maximum number of pay-by-data-transfer EIPs that can be associated with a NAT gateway | 10. You can increase the quota. For more information, see Quota management. | 10. You can increase the quota. For more information, see Quota management. |
| The bandwidth limit of a pay-by-data-transfer EIP that is associated with a NAT gateway | 200 Mbit/s. If the EIP is associated with an EIP bandwidth plan, the bandwidth of the EIP that is associated with the enhanced NAT gateway is unlimited. | 200 Mbit/s (not adjustable) |
| The bandwidth limit of a NAT gateway | 5 Gbit/s. If the total bandwidth of the EIPs or EIP bandwidth plans is greater than 5 Gbit/s, submit a ticket to increase the quota. | A NAT gateway does not have a bandwidth limit. The bandwidth limit is based on the
bandwidth limit of the EIPs that are associated with a SNAT entry or a DNAT entry.
The bandwidth limit is also based on the bandwidth limit of the EIP bandwidth plans
to which the EIPs are added.
For example, you create a SNAT entry for a NAT gateway, and specify five pay-by-data-transfer EIPs and two pay-by-bandwidth EIPs with 500 Mbit/s bandwidth each in the SNAT entry. The bandwidth of the NAT gateway is limited to 2,000 Mbit/s. This value is based on the following calculation: 5 × 200 Mbit/s + 2 × 500 Mbit/s = 2,000 Mbit/s. If the seven EIPs are associated with the same EIP bandwidth plan, and the bandwidth of the EIP bandwidth plan is limited to 1,000 Mbit/s, the bandwidth limit of the NAT gateway is 1,000 Mbit/s. |
| The maximum number of concurrent connections for an EIP is 55,000. | Yes | Yes |
| The bandwidth limit of an EIP in an EIP bandwidth plan is 200 Mbit/s. | No | Yes |
| Users of NAT service plans are not allowed to associate EIPs with NAT gateways. | Yes | Yes |
| Your service may be temporarily interrupted when you change the bandwidth limit of the EIP bandwidth plan that is associated with a NAT gateway. For example, you can upgrade the bandwidth limit from less than 1 Gbit/s to greater than 1 Gbit/s. You can also downgrade the bandwidth limit from greater than 1 Gbit/s to less than 1 Gbit/s. | No | Yes |
| Your service may be temporarily interrupted when IP addresses in the existing SNAT entries are reduced. | Yes | Yes |
| Your service may be temporarily interrupted when IP addresses in the existing SNAT entries are increased. | No | Yes |
| Multiple ENIs are attached to an ECS instance, and an EIP is associated with one of the ENIs. Different ENIs are used to forward the inbound and outbound traffic of the ECS instance. In this scenario, the ECS instance can be accessed from the Internet. | No. You must modify the route of the ECS instance before you upgrade the standard NAT gateway to an enhanced NAT gateway. Make sure that the inbound and outbound traffic of the ECS instance is forwarded by using the same ENI. For more information, see Configure routes for ENIs. | Yes |